From c7ce84c1d067a19220abb6dbbf87c4118a2e14fe Mon Sep 17 00:00:00 2001 From: CoprDistGit Date: Thu, 14 Sep 2023 03:04:49 +0000 Subject: automatic import of stb --- 1230.patch | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 1230.patch (limited to '1230.patch') diff --git a/1230.patch b/1230.patch new file mode 100644 index 0000000..c4846bb --- /dev/null +++ b/1230.patch @@ -0,0 +1,32 @@ +From b5d9d9719b001c67ca922df547a85a0fae364997 Mon Sep 17 00:00:00 2001 +From: Neil Bickford +Date: Fri, 15 Oct 2021 11:04:41 -0700 +Subject: [PATCH] stb_image PNG: Checks for invalid DEFLATE codes. + +Specifically, this rejects length codes 286 and 287, and distance codes 30 and 31. +This avoids a scenario in which a file could contain a table in which +0 corresponded to length code 287, which would result in writing 0 bits. + +Signed-off-by: Neil Bickford +--- + stb_image.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/stb_image.h b/stb_image.h +index d60371b95..ab616c56d 100644 +--- a/stb_image.h ++++ b/stb_image.h +@@ -4256,11 +4256,12 @@ static int stbi__parse_huffman_block(stbi__zbuf *a) + a->zout = zout; + return 1; + } ++ if (z >= 286) return stbi__err("bad huffman code","Corrupt PNG"); // per DEFLATE, length codes 286 and 287 must not appear in compressed data + z -= 257; + len = stbi__zlength_base[z]; + if (stbi__zlength_extra[z]) len += stbi__zreceive(a, stbi__zlength_extra[z]); + z = stbi__zhuffman_decode(a, &a->z_distance); +- if (z < 0) return stbi__err("bad huffman code","Corrupt PNG"); ++ if (z < 0 || z >= 30) return stbi__err("bad huffman code","Corrupt PNG"); // per DEFLATE, distance codes 30 and 31 must not appear in compressed data + dist = stbi__zdist_base[z]; + if (stbi__zdist_extra[z]) dist += stbi__zreceive(a, stbi__zdist_extra[z]); + if (zout - a->zout_start < dist) return stbi__err("bad dist","Corrupt PNG"); -- cgit v1.2.3